ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 34, Food products, Subcommittee SC 17, Management systems for food safety.
Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
This second edition cancels and replaces the first edition (ISO 22000:2005), which has been technically revised through the adoption of a revised clause sequence. It also incorporates the Technical Corrigendum ISO 22000:2005/Cor.1:2006.
The following annexes are included to provide the users of this document with further information:
- — Annex A: cross references between the CODEX HACCP principles and this document;
Introduction
0.1 General
The adoption of a food safety management system (FSMS) is a strategic decision for an organization that can help to improve its overall performance in food safety. The potential benefits to an organization of implementing a FSMS based on this document are:
- a) the ability to consistently provide safe foods and products and services that meet customer and applicable statutory and regulatory requirements;
- b) addressing risks associated with its objectives;
- c) the ability to demonstrate conformity to specified FSMS requirements.
This document employs the process approach (see 0.3), which incorporates the Plan-Do-Check-Act (PDCA) cycle (see 0.3.2) and risk-based thinking (see 0.3.3).
This process approach enables an organization to plan its processes and their interactions.
The PDCA cycle enables an organization to ensure that its processes are adequately resourced and managed, and that opportunities for improvement are determined and acted on.
Risk-based thinking enables an organization to determine the factors that could cause its processes and its FSMS to deviate from the planned results, and to put in place controls to prevent or minimize adverse effects.
In this document, the following verbal forms are used:
- — “shall” indicates a requirement;
- — “should” indicates a recommendation;
- — “may” indicates a permission;
- — “can” indicates a possibility or a capability.
“NOTES” provide guidance in understanding or clarifying the requirements in this document.
0.2 FSMS principles
Food safety is related to the presence of food safety hazards at the time of consumption (intake by the consumer). Food safety hazards can occur at any stage of the food chain. Therefore, adequate control throughout the food chain is essential. Food safety is ensured through the combined efforts of all the parties in the food chain. This document specifies the requirements for a FSMS that combines the following generally recognized key elements:
- — interactive communication;
- — system management;
- — prerequisite programmes;
- — hazard analysis and critical control point (HACCP) principles.
In addition, this document is based on the principles that are common to ISO management system standards. The management principles are:
- — customer focus;
- — leadership;
- — engagement of people;
- — process approach;
- — improvement;
- — evidence-based decision making;
- — relationship management.
0.3 Process approach
0.3.1 General
This document adopts a process approach when developing and implementing a FSMS and improving its effectiveness to enhance production of safe products and services while meeting applicable requirements. Understanding and managing interrelated processes as a system contributes to the organization’s effectiveness and efficiency in achieving its intended results. The process approach involves the systematic definition and management of processes, and their interactions, so as to achieve the intended results in accordance with the food safety policy and strategic direction of the organization. Management of the processes and the system as a whole can be achieved using the PDCA cycle, with an overall focus on risk-based thinking aimed at taking advantage of opportunities and preventing undesirable results.
The recognition of the organization’s role and position within the food chain is essential to ensure effective interactive communication throughout the food chain.
0.3.2 Plan-Do-Check-Act cycle
The PDCA cycle can be described briefly as follows:
Plan: | establish the objectives of the system and its processes, provide the resources needed to deliver the results, and identify and address risks and opportunities; |
Do: | implement what was planned; |
Check: | monitor and (where relevant) measure processes and the resulting products and services, analyse and evaluate information and data from monitoring, measuring and verification activities, and report the results; |
Act: | take actions to improve performance, as necessary. |
In this document, and as illustrated in Figure 1, the process approach uses the concept of the PDCA cycle at two levels. The first covers the overall frame of the FSMS (Clause 4 to Clause 7 and Clause 9 to Clause 10). The other level (operational planning and control) covers the operational processes within the food safety system as described in Clause 8. Communication between the two levels is therefore essential.
0.3.3 Risk-based thinking
0.3.3.1 General
Risk-based thinking is essential for achieving an effective FSMS. In this document, risk-based thinking is addressed on two levels, organizational (see 0.3.3.2) and operational (see 0.3.3.3), which is consistent with the process approach described in 0.3.2.
0.3.3.2 Organizational risk management
Risk is the effect of uncertainty, and any such uncertainty can have positive or negative effects. In the context of organizational risk management, a positive deviation arising from a risk can provide an opportunity, but not all positive effects of risk result in opportunities.
To conform to the requirements of this document, an organization plans and implements actions to address organizational risks (Clause 6). Addressing risks establishes a basis for increasing the effectiveness of the FSMS, achieving improved results and preventing negative effects.
0.3.3.3 Hazard analysis — Operational processes
The concept of risk-based thinking based on the HACCP principles at the operational level is implicit in this document.
The subsequent steps in HACCP can be considered as the necessary measures to prevent hazards or reduce hazards to acceptable levels to ensure food is safe at the time of consumption (Clause 8).
Decisions taken in the application of HACCP should be based on science, free from bias and documented. The documentation should include any key assumptions in the decision-making process.
0.4 Relationship with other management system standards
This document has been developed within the ISO high level structure (HLS). The objective of the HLS is to improve alignment between ISO management system standards. This document enables an organization to use the process approach, coupled with the PDCA cycle and risk-based thinking, to align or integrate its FSMS approach with the requirements of other management systems and supporting standards.
This document is the core principle and framework for FSMSs and sets out the specific FSMS requirements for organizations throughout the food chain. Other guidance related to food safety, specifications and/or requirements specific to food sectors can be used together with this framework.
In addition, ISO has developed a family of associated documents. These include documents for:
- — prerequisite programmes (ISO/TS 22002 series) for specific sectors of the food chain;
- — requirements for auditing and certification bodies;
- — traceability.
ISO also provides guidance documents for organizations on how to implement this document and related standards. Information is available on the ISO website.
1 Scope
This document specifies requirements for a food safety management system (FSMS) to enable an organization that is directly or indirectly involved in the food chain:
- a) to plan, implement, operate, maintain and update a FSMS providing products and services that are safe, in accordance with their intended use;
- b) to demonstrate compliance with applicable statutory and regulatory food safety requirements;
- c) to evaluate and assess mutually agreed customer food safety requirements and to demonstrate conformity with them;
- d) to effectively communicate food safety issues to interested parties within the food chain;
- e) to ensure that the organization conforms to its stated food safety policy;
- f) to demonstrate conformity to relevant interested parties;
- g) to seek certification or registration of its FSMS by an external organization, or make a self-assessment or self-declaration of conformity to this document.
All requirements of this document are generic and are intended to be applicable to all organizations in the food chain, regardless of size and complexity. Organizations that are directly or indirectly involved include, but are not limited to, feed producers, animal food producers, harvesters of wild plants and animals, farmers, producers of ingredients, food manufacturers, retailers, and organizations providing food services, catering services, cleaning and sanitation services, transportation, storage and distribution services, suppliers of equipment, cleaning and disinfectants, packaging materials and other food contact materials.
This document allows any organization, including small and/or less developed organizations (e.g. a small farm, a small packer-distributor, a small retail or food service outlet) to implement externally- developed elements in their FSMS.
Internal and/or external resources can be used to meet the requirements of this document.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
- — ISO Online browsing platform: available at https://www.iso.org/obp
- — IEC Electropedia: available at http://www.electropedia.org/
3.1
acceptable level
level of a food safety hazard (3.22) not to be exceeded in the end product (3.15) provided by the organization (3.31)
3.2
action criterion
measurable or observable specification for the monitoring (3.27) of an OPRP (3.30)
Note 1 to entry: An action criterion is established to determine whether an OPRP remains in control, and distinguishes between what is acceptable (criterion met or achieved means the OPRP is operating as intended) and unacceptable (criterion not met nor achieved means the OPRP is not operating as intended).
3.3
audit
systematic, independent and documented process (3.36) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
Note 4 to entry: Relevant disciplines are, for example, food safety management, quality management or environmental management.
3.4
competence
ability to apply knowledge and skills to achieve intended results
3.6
contamination
introduction or occurrence of a contaminant including a food safety hazard (3.22) in a product (3.37) or processing environment
3.8
control measure
action or activity that is essential to prevent a significant food safety hazard (3.22) or reduce it to an acceptable level (3.1)
Note 1 to entry: See also significant food safety hazard (3.40).
Note 2 to entry: Control measure(s) is (are) identified by hazard analysis.
3.9
correction
action to eliminate a detected nonconformity (3.28)
Note 1 to entry: A correction includes the handling of potentially unsafe products and can therefore be made in conjunction with a corrective action (3.10).
Note 2 to entry: A correction may be, for example, reprocessing, further processing and/or elimination of the adverse consequences of the nonconformity (such as disposal for other use or specific labelling).
3.10
corrective action
action to eliminate the cause of a nonconformity (3.28) and to prevent recurrence
Note 1 to entry: There can be more than one cause for a nonconformity.
Note 2 to entry: Corrective action includes cause analysis.
3.11
critical control point
CCP
step in the process (3.36) at which control measure(s) (3.8) is (are) applied to prevent or reduce a significant food safety hazard(3.40) to an acceptable level, and defined critical limit(s) (3.12) and measurement (3.26) enable the application of corrections (3.9)
3.12
critical limit
measurable value which separates acceptability from unacceptability
Note 1 to entry: Critical limits are established to determine whether a CCP (3.11) remains in control. If a critical limit is exceeded or not met, the products affected are to be handled as potentially unsafe products.
[SOURCE: CAC/RCP 1‑1969, modified — The definition has been modified and Note 1 to entry has been added.]
3.13
documented information
information required to be controlled and maintained by an organization (3.31) and the medium on which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
3.14
effectiveness
extent to which planned activities are realized and planned results achieved
3.15
end product
product (3.37) that will undergo no further processing or transformation by the organization (3.31)
Note 1 to entry: A product that undergoes further processing or transformation by another organization is an end product in the context of the first organization and a raw material or an ingredient in the context of the second organization.
3.16
feed
single or multiple product(s), whether processed, semi-processed or raw, which is (are) intended to be fed to food-producing animals
Note 1 to entry: Distinctions are made in this document between the terms food (3.18), feed (3.16) and animal food (3.19):
- — food is intended for consumption by humans and animals, and includes feed and animal food;
- — feed is intended to be fed to food-producing animals;
- — animal food is intended to be fed to non-food-producing animals, such as pets.
[SOURCE: CAC/GL 81‑2013, modified — The word “materials” has been changed to “products” and “directly” has been deleted.]
3.17
flow diagram
schematic and systematic presentation of the sequence and interactions of steps in the process
3.18
food
substance (ingredient), whether processed, semi-processed or raw, which is intended for consumption, and includes drink, chewing gum and any substance which has been used in the manufacture, preparation or treatment of “food” but does not include cosmetics or tobacco or substances (ingredients) used only as drugs
Note 1 to entry: Distinctions are made in this document between the terms food (3.18), feed (3.16) and animal food (3.19):
- — food is intended for consumption by humans and animals, and includes feed and animal food;
- — feed is intended to be fed to food-producing animals;
- — animal food is intended to be fed to non-food-producing animals, such as pets.
[SOURCE: CAC/GL 81‑2013, modified — The word “human” has been deleted.]
3.19
animal food
single or multiple product(s), whether processed, semi-processed or raw, which is (are) intended to be fed to non-food-producing animals
Note 1 to entry: Distinctions are made in this document between the terms food (3.18), feed (3.16) and animal food (3.19):
- — food is intended for consumption by humans and animals, and includes feed and animal food;
- — feed is intended to be fed to food-producing animals;
- — animal food is intended to be fed to non-food-producing animals, such as pets.
[SOURCE: CAC/GL 81‑2013, modified — The word “materials” has been changed to “products”, “non” has been added and “directly” has been deleted.]
3.20
food chain
sequence of the stages in the production, processing, distribution, storage and handling of a food (3.18) and its ingredients, from primary production to consumption
Note 2 to entry: The food chain also includes the production of materials intended to come into contact with food or raw materials.
Note 3 to entry: The food chain also includes service providers.
3.21
food safety
assurance that food will not cause an adverse health effect for the consumer when it is prepared and/or consumed in accordance with its intended use
Note 1 to entry: Food safety is related to the occurrence of food safety hazards (3.22) in end products (3.15) and does not include other health aspects related to, for example, malnutrition.
Note 2 to entry: It is not to be confused with the availability of, and access to, food (“food security”).
Note 3 to entry: This includes feed and animal food.
[SOURCE: CAC/RCP 1‑1969, modified — The word “harm” has been changed to “adverse health effect” and notes to entry have been added.]
3.22
food safety hazard
biological, chemical or physical agent in food (3.18) with the potential to cause an adverse health effect
Note 1 to entry: The term “hazard” is not to be confused with the term “risk” (3.39) which, in the context of food safety, means a function of the probability of an adverse health effect (e.g. becoming diseased) and the severity of that effect (e.g. death, hospitalization) when exposed to a specified hazard.
Note 2 to entry: Food safety hazards include allergens and radiological substances.
Note 3 to entry: In the context of feed and feed ingredients, relevant food safety hazards are those that can be present in and/or on feed and feed ingredients and that can through animal consumption of feed be transferred to food and can thus have the potential to cause an adverse health effect for the animal or the human consumer. In the context of operations other than those directly handling feed and food (e.g. producers of packaging materials, disinfectants), relevant food safety hazards are those hazards that can be directly or indirectly transferred to food when used as intended (see 8.5.1.4).
Note 4 to entry: In the context of animal food, relevant food safety hazards are those that are hazardous to the animal species for which the food is intended.
[SOURCE: CAC/RCP 1‑1969, modified — The phrase “or condition of” has been deleted from the definition and notes to entry have been added.]
3.23
interested party (preferred term)
stakeholder (admitted term)
person or organization (3.31) that can affect, be affected by, or perceive itself to be affected by a decision or activity
3.24
lot
defined quantity of a product (3.37) produced and/or processed and/or packaged essentially under the same conditions
Note 1 to entry: The lot is determined by parameters established beforehand by the organization and may be described by other terms, e.g. batch.
Note 2 to entry: The lot may be reduced to a single unit of product.
[SOURCE: CODEX STAN 1, modified — Reference to “and/or processed and/or packaged” has been included in the definition and notes to entry have been added.]
3.25
management system
set of interrelated or interacting elements of an organization (3.31) to establish policies (3.34) and objectives (3.29) and processes(3.36) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization's structure, roles and responsibilities, planning and operation.
Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
Note 4 to entry: Relevant disciplines are, for example, a quality management system or an environmental management system.
3.27
monitoring
determining the status of a system, a process (3.36) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.
Note 2 to entry: In the context of food safety, monitoring is conducting a planned sequence of observations or measurements to assess whether a process is operating as intended.
Note 3 to entry: Distinctions are made in this document between the terms validation (3.44), monitoring (3.27) and verification(3.45):
- — validation is applied prior to an activity and provides information about the capability to deliver intended results;
- — monitoring is applied during an activity and provides information for action within a specified time frame;
- — verification is applied after an activity and provides information for confirmation of conformity.
3.29
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.36)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a FSMS objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4 to entry: In the context of FSMS, objectives are set by the organization, consistent with the food safety policy, to achieve specific results.
3.30
operational prerequisite programme
OPRP
control measure (3.8) or combination of control measures applied to prevent or reduce a significant food safety hazard (3.40) to an acceptable level (3.1), and where action criterion (3.2) and measurement (3.26) or observation enable effective control of the process (3.36) and/or product (3.37)
3.31
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.29)
Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
3.32
outsource,verb
make an arrangement where an external organization (3.31) performs part of an organization’s function or process (3.36)
Note 1 to entry: An external organization is outside the scope of the management system (3.25), although the outsourced function or process is within the scope.
3.33
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.36), products (3.37) (including services), systems or organizations (3.31).
3.34
policy
intentions and direction of an organization (3.31) as formally expressed by its top management (3.41)
3.35
prerequisite programme
PRP
basic conditions and activities that are necessary within the organization (3.31) and throughout the food chain (3.20) to maintain food safety
Note 1 to entry: The PRPs needed depend on the segment of the food chain in which the organization operates and the type of organization. Examples of equivalent terms are: good agricultural practice (GAP), good veterinary practice (GVP), good manufacturing practice (GMP), good hygiene practice (GHP), good production practice (GPP), good distribution practice (GDP) and good trading practice (GTP).
3.36
process
set of interrelated or interacting activities which transforms inputs to outputs
3.37
product
output that is a result of a process (3.36)
Note 1 to entry: A product can be a service.
3.38
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, for example in documented information.
3.39
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected – positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
Note 5 to entry: Food safety risk is a function of the probability of an adverse health effect and the severity of that effect, consequential to (a) hazard(s) in food (3.18), as specified in the Codex Procedural Manual[11].
3.40
significant food safety hazard
food safety hazard (3.22), identified through the hazard assessment, which needs to be controlled by control measures (3.8)
3.41
top management
person or group of people who directs and controls an organization (3.31) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
Note 2 to entry: If the scope of the management system (3.25) covers only part of an organization, then top management refers to those who direct and control that part of the organization.
3.42
traceability
ability to follow the history, application, movement and location of an object through specified stage(s) of production, processing and distribution
Note 1 to entry: Movement can relate to the origin of the materials, processing history or distribution of the food (3.18).
Note 2 to entry: An object can be a product (3.37), a material, a unit, equipment, a service, etc.
[SOURCE: CAC/GL 60‑2006, modified — Notes to entry have been added.]
3.43
update
immediate and/or planned activity to ensure application of the most recent information
Note 1 to entry: Update is different from the terms “maintain” and “retain”:
- — “maintain” is to keep something on-going/to keep in good condition;
- — “retain” is to keep something that is retrievable.
3.44
validation
<food safety> obtaining evidence that a control measure (3.8) (or combination of control measures) will be capable of effectively controlling the significant food safety hazard (3.40)
Note 1 to entry: Validation is performed at the time a control measure combination is designed, or whenever changes are made to the implemented control measures.
Note 2 to entry: Distinctions are made in this document between the terms validation (3.44), monitoring (3.27) and verification(3.45):
- — validation is applied prior to an activity and provides information about the capability to deliver intended results;
- — monitoring is applied during an activity and provides information for action within a specified time frame;
- — verification is applied after an activity and provides information for confirmation of conformity.
3.45
verification
confirmation, through the provision of objective evidence, that specified requirements (3.38) have been fulfilled
Note 1 to entry: Distinctions are made in this document between the terms validation (3.44), monitoring (3.27) and verification(3.45):
- — validation is applied prior to an activity and provides information about the capability to deliver intended results;
- — monitoring is applied during an activity and provides information for action within a specified time frame;
- — verification is applied after an activity and provides information for confirmation of conformity....
Comments
Post a Comment